Configure NOD32 and Postfix as Antivirus Gateway
Requirements:
1. Postfix (2.0.18) http://www.postfix.org/download.html
2. Cyrus-sasl (2.1.17) http://asg.web.cmu.edu/sasl/
3. NOD32 for Linux Mail Server (2.09-1) http://www.nod32.si/download/download.htm
Introduction
In this article we use Postfix as an antivirus gateway. The reason is that other MTAs (Qmail, Sendmail, Courier etc.) either do not support content filtering, or do not have a simple configuration for it, so scanning incoming and outgoing email is hard to set up. The traditional approach is to set up two mail servers to enable scanning; Postfix has a built-in content filter function. Once set up, it scans all email, regardless of how the MDAs are set up. Multiple filters can also be set up easily, with or without the help of amavisd. So Postfix is the best MTA to use as a gateway. At the same time, Postfix takes over some of the jobs of the original MTA, such as SASL authentication, rate control etc. Postfix listens on port 25 as the gateway. It will not handle any local delivery or outgoing transfer.
Compilation and Installation
Recommended reference site for compiling Postfix + SASL: http://www.projektfarm.com/en/support/howto/postfix_smtp_auth_tls.html

You can also use the default postfix and cyrus-sasl packages, or install the postfix and cyrus-sasl RPMs delivered with your distribution. (The RPM packages that come with your distribution may be older; that is still OK.)
Configuration
Basic configuration concepts in Postfix

The main configuration files of Postfix are in /etc/postfix. main.cf lets you configure 300+ Postfix parameters. You can either edit the file directly, e.g. add the line

    content_filter=smtp:[127.0.0.1]:2526

or use the postconf command:

    postconf -e 'content_filter=smtp:[127.0.0.1]:2526'

The alias, access, transport and virtual files in /etc/postfix are for different kinds of mapping. After changing these files, you must rebuild the db file with postmap. Remember to change the alias_maps and alias_database parameters in /etc/postfix/main.cf so that they point to the correct aliases file. By default, the aliases file is located in /etc/. The Postfix-style command for building the alias database is

    postalias hash:/etc/postfix/aliases

(use your own aliases file path).

Change the original mail server

In this gateway, Postfix will NOT handle any kind of local delivery. The original mail server is changed to listen on port 26. Here are a few examples of how to change the listen port.

Sendmail: Edit /etc/mail/sendmail.mc, find the line that contains Port=smtp,Name=MTA,Addr=…… and change it to Port=26

Qmail: Edit /var/qmail/supervise/qmail-smtpd (or equivalent file):

    exec /usr/local/bin/softlimit -m 2000000 \

change smtp to 26

Courier: Locate your Courier configuration file esmtpd (look in /etc/courier or /usr/local/etc/courier) and change PORT=26

Email goes into Postfix through port 25; after scanning, it is forwarded to the original mail server on port 26. To prevent open relaying, SASL authentication must be set up. The alternative solution is to set restrictions on senders.

Configure NOD32

The configuration files of NOD32 are located in /etc/nod32. Enter your username and password in /etc/nod32/nod32.auth for updates. For security reasons, you are recommended to chmod 400 the file. Notification can be enabled by adding the line

    exec_script = yes

to /etc/nod32/nod32.cfg; edit nod32d_script to use your favourite format.
Add the following line in main.cf:

    content_filter=smtp:[127.0.0.1]:2526

And the following in master.cf:

    localhost:2525 inet n - n - 10 smtpd

After installing NOD32, you are recommended to put a shortcut to /usr/sbin/nod32_update in /etc/cron.hourly, so that NOD32 checks for updates every hour.

Configure a gateway

First we have to give Postfix a hostname. Why? Because Postfix delivers email to the original mail server after scanning, the 2 mail servers cannot have the same hostname. Edit main.cf:

    myhostname=nod32gateway.domain.com

Customize the SMTP banner (for fun) as you like:

    smtpd_banner = $myhostname Virus Gateway

Next is the relayhost parameter, which Postfix uses as the default next hop:

    relayhost=127.0.0.1:26

Then we have to disable local delivery and make email for the local domain go to the original mail server. Here we use the transport map. Set the transport_maps parameter in main.cf:

    transport_maps = hash:/etc/postfix/transport

Add the following line to /etc/postfix/transport and rebuild the transport map afterwards:

    domain.com smtp:[127.0.0.1]:26

(likewise if you have other sub domains)

Everything is OK now. Restart the original mail server, and run the gateway:

    postfix start

Other issues

Installing Postfix over the original mail server will overwrite the original sendmail program. If you want to keep the old one, back up the sendmail program in /usr/bin (or somewhere). If you have a webmail, you may have to correct the sendmail path in your webmail configuration file. It is advisable to disable incoming access to ports 26, 2525 and 2526, otherwise your mail server may become an open relay host.
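One way to check the closing advice about ports 26, 2525 and 2526, as an added example that is not part of the original article: a shell function that reads `ss -ltn` or `netstat -ltn` output and reports any of those ports listening on a non-loopback address. The function names and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Ports taken from the article:
# 26 = original MTA, 2525 = extra Postfix smtpd from master.cf,
# 2526 = content_filter target.
INTERNAL_PORTS="26 2525 2526"

# Reads "ss -ltn" or "netstat -ltn" lines on stdin (local address is the
# 4th column in both) and prints "EXPOSED addr:port" for each internal
# port bound to anything other than loopback. Returns 1 if any was found.
audit_listeners() {
    awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) internal[p[i]] = 1 }
        {
            pos = match($4, /:[0-9]+$/)          # trailing ":port"
            if (pos == 0) next                   # header or non-listener line
            port = substr($4, pos + 1)
            addr = substr($4, 1, pos - 1)
            gsub(/^\[|\]$/, "", addr)            # ss prints IPv6 as [::1]
            if (!(port in internal)) next        # port 25 is meant to be public
            if (addr ~ /^127\./ || addr == "::1") next
            print "EXPOSED " addr ":" port
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample of "ss -ltn" output on a misconfigured gateway.
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
LISTEN 0      100    0.0.0.0:26         0.0.0.0:*
LISTEN 0      100    127.0.0.1:2525     0.0.0.0:*
LISTEN 0      128    192.0.2.10:2526    0.0.0.0:*
LISTEN 0      100    [::1]:26           [::]:*
EOF
}

# On a live host: ss -ltn | audit_listeners
sample_listeners | audit_listeners || echo "bind these to 127.0.0.1 or firewall them"
```

Because the function returns non-zero when it finds an exposed port, it can be dropped into a cron job or monitoring check next to the hourly NOD32 update.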